I used to host websites for clients, but I stopped taking on new hosting clients a few years ago and migrated all my existing hosting clients to Mythic Beasts. The only hosting-related service I still have running is a client whose domain portfolio I manage, along with some redirects, but that is now in the process of being migrated away too.
Most of these cases were small clients who wanted to deal with the same person for development and hosting. I still come across developers who cross-sell hosting to their clients, and it’s caused some very difficult situations when a client wants to use another developer but the developer who hosts the site is unwilling to give them access.
There are several reasons why I decided to pull out of hosting, although as I mentioned in my review of 2021, the main reason was: ‘I reviewed this service in 2021 and realised that I couldn’t continue to offer a high level of service at a price that made it worthwhile for me’.
Low margins: Website hosting is a business with low margins per customer, so you need significant volume to turn a profit (unless you’re doing something bespoke which you can charge more for). You can’t even make money from selling certificates now, given that they’re free from the likes of Let’s Encrypt.
Specialist service: Whilst there is some overlap between system administration and development (more than there is between design and development), hosting is still a specialist service and to do it right you need to focus on it. I am a competent system administrator but definitely not up to the scale of running a hosting provider without extra training.
24/7 monitoring: You have to monitor any hosting 24/7 to make sure that nothing has gone down. You also need to be available in case someone reports ‘dodgy’ content – which could be copyright infringement, illegal content etc. Nowadays there are legal rules around how quickly you have to take down content in certain circumstances.
Liability: If one of the websites I host breaks the law, am I liable as the hosting provider? I’d like to think there is some protection, but I do not want to be a test case or have to deal with the threats of legal action, even if they turn out to be ineffective.
Attack target: Hosting websites makes you a target for attacks, because at least one of your customers will be running an ancient version of software like WordPress with known security vulnerabilities. No matter how secure your underlying system is, if you allow customers to upload arbitrary content then you’re vulnerable all the time. Even if you automate updates for your customers, such as with a managed WordPress installation, users can still choose weak passwords which allow account compromises and malicious files to be uploaded.
Lack of redundancy: I’m the only person in my business, and if I fell under a bus then it could be very difficult for my clients to move their sites to another host. Even under less disastrous scenarios where I’m merely out of action for a short period, there would be no support.
Ultimately, web hosting is stressful, risky and unlikely to be profitable at the volumes I would be working with.